CVE-2026-32730
CVE-2026-32730 affects ApostropheCMS: the bearer token authentication flow can bypass MFA/TOTP if a password-verification token (incompleteToken) is used as a bearer token. The root cause is a MongoDB query bug in the getBearer() logic: it checks for requirementsToVerify with $ne: [] (not equal t...
CVE-2026-32730 ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in @apostrophecms/express/index.js lines 386-389 contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA...
EUVD-2026-12975
ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware...
GHSA-V9XM-FFX2-7H35 ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware Summary The bearer token authentication middleware in @apostrophecms/express/index.js lines 386-389 contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA...
ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware Summary The bearer token authentication middleware in @apostrophecms/express/index.js lines 386-389 contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA...
PT-2026-26158
MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware Summary The bearer token authentication middleware in @apostrophecms/express/index.js lines 386-389 contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA...
GHSA-P9XR-7P9P-GPQX Feathers has a NoSQL Injection via WebSocket id Parameter in MongoDB Adapter
Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type checking on this argument. When the service uses the MongoDB adapter, these objects pass through getObjectId and land directly in the...
CVE-2026-30833 Rocket.Chat: NoSQL injection in the EE ddp-streamer-service
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
CVE-2026-30833
Rocket.Chat prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0 is affected by a NoSQL injection in the account service used by the ddp-streamer microservice. The vulnerability occurs in the username-based login flow where user-supplied input is directly embedded into a Mong...
Malicious code in pino-mongodb-query-kaus (npm)
Source: amazon-inspector 60978187df58a76af8bf3bb453febdb1c26f374f6ca92ace9aab9eefbde3b201. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-123695
Malicious code in pino-mongodb-query-kaus npm...
MAL-2025-146226 Malicious code in pino-mongodb-query-kaus (npm)
Source: amazon-inspector 60978187df58a76af8bf3bb453febdb1c26f374f6ca92ace9aab9eefbde3b201. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-11979
CVE-2025-11979 involves a buffer over-read that can crash MongoDB Server when an authorized user issues a DDL operation while queries are in flight. Affected are MongoDB Server versions: 7.x before 7.0.25, 8.x before 8.0.15, and 8.2.0. Connected sources corroborate the same description across OSV...
EUVD-2022-53426
Malicious code in bioql PyPI...
Exploit for CVE-2024-53900
CTF Challenge - Mongoose RCE CVE-2024-53900 Challenge Overvie...
Rocket.Chat actionLinkHandler Information Disclosure Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an information disclosure vulnerability that stems from the actionLinkHandler method allowing message ID enumeration using a Regex MongoDB query. An attacker can exploit the vulnerability to obtain sensitive information...
Improper access control
An improper access control vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 because input data to the getUsersOfRoom Meteor server method is not type validated, so MongoDB query operator objects are accepted by the server; instead of a matching rid String, a $regex query can be...
CVE-2022-32226
An improper access control vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 because input data to the getUsersOfRoom Meteor server method is not type validated, so MongoDB query operator objects are accepted by the server; instead of a matching rid String, a $regex query can be...
Rocket.Chat security vulnerability
Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, and in 4.8.0 and later prior to 4.8.2; it stems from a failure of the getReadReceipts Meteor server method to correctly filter user input passed to a MongoDB...